sse-streaming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override system behavior or bypass safety filters. The instructions are strictly technical.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The skill correctly identifies the need for API keys but does not provide any.
- Obfuscation (SAFE): No encoded strings, zero-width characters, or hidden content were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references a hypothetical or internal library 'pplx-sdk', which is consistent with its stated purpose. There are no patterns for downloading and executing remote scripts.
- Indirect Prompt Injection (LOW): The skill describes parsing external data from an API stream. While this is an ingestion point for untrusted data, the skill provides specific rules (JSON parsing) and does not exhibit exploitable capabilities like command execution. The surface is well-defined and restricted to data handling.
Audit Metadata